Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-0601 | 1 Axpdfium Project | 1 Axpdfium | 2018-08-17 | 9.3 HIGH | 7.8 HIGH |
| Untrusted search path vulnerability in axpdfium v0.01 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2018-0596 | 1 Microsoft | 1 Visual Studio Community | 2018-08-17 | 6.8 MEDIUM | 7.8 HIGH |
| Untrusted search path vulnerability in the installer of Visual Studio Community allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2018-0603 | 1 Geminilabs | 1 Site Reviews | 2018-08-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in Site Reviews versions prior to 2.15.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2018-0595 | 1 Microsoft | 2 Skype, Windows | 2018-08-17 | 6.8 MEDIUM | 7.8 HIGH |
| Untrusted search path vulnerability in the installer of Skype for Windows allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2018-0592 | 1 Microsoft | 1 Onedrive | 2018-08-17 | 6.8 MEDIUM | 7.8 HIGH |
| Untrusted search path vulnerability in Microsoft OneDrive allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2018-0593 | 1 Microsoft | 1 Onedrive | 2018-08-17 | 6.8 MEDIUM | 7.8 HIGH |
| Untrusted search path vulnerability in the installer of Microsoft OneDrive allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2018-0594 | 1 Microsoft | 2 Skype, Windows | 2018-08-17 | 6.8 MEDIUM | 7.8 HIGH |
| Untrusted search path vulnerability in Skype for Windows allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2018-12933 | 1 Winehq | 1 Wine | 2018-08-17 | 7.5 HIGH | 9.8 CRITICAL |
| PlayEnhMetaFileRecord in enhmetafile.c in Wine 3.7 allows attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact because the attacker controls the pCreatePen->ihPen array index. | |||||
| CVE-2018-12916 | 1 Pbc Project | 1 Pbc | 2018-08-17 | 7.5 HIGH | 9.8 CRITICAL |
| In libpbc.a in PBC through 2017-03-02, there is a Segmentation fault in _pbcP_message_default in proto.c. | |||||
| CVE-2018-1000602 | 1 Jenkins | 1 Saml | 2018-08-17 | 4.3 MEDIUM | 5.9 MEDIUM |
| A session fixation vulnerability exists in Jenkins SAML Plugin 1.0.6 and earlier in SamlSecurityRealm.java that allows unauthorized attackers to impersonate another users if they can control the pre-authentication session. | |||||
| CVE-2018-1000601 | 1 Jenkins | 1 Ssh Credentials | 2018-08-17 | 4.0 MEDIUM | 6.5 MEDIUM |
| A arbitrary file read vulnerability exists in Jenkins SSH Credentials Plugin 1.13 and earlier in BasicSSHUserPrivateKey.java that allows attackers with a Jenkins account and the permission to configure credential bindings to read arbitrary files from the Jenkins master file system. | |||||
| CVE-2018-1000553 | 1 Trovebox | 1 Trovebox | 2018-08-17 | 6.5 MEDIUM | 8.8 HIGH |
| Trovebox version <= 4.0.0-rc6 contains a Server-Side request forgery vulnerability in webhook component that can result in read or update internal resources. This attack appear to be exploitable via HTTP request. This vulnerability appears to have been fixed in after commit 742b8ed. | |||||
| CVE-2018-1000554 | 1 Trovebox | 1 Trovebox | 2018-08-17 | 5.0 MEDIUM | 9.8 CRITICAL |
| Trovebox version <= 4.0.0-rc6 contains a Unsafe password reset token generation vulnerability in user component that can result in Password reset. This attack appear to be exploitable via HTTP request. This vulnerability appears to have been fixed in after commit 742b8ed. | |||||
| CVE-2018-1000552 | 1 Trovebox | 1 Trovebox | 2018-08-17 | 6.5 MEDIUM | 8.8 HIGH |
| Trovebox version <= 4.0.0-rc6 contains a SQL Injection vulnerability in album component that can result in SQL code injection. This attack appear to be exploitable via HTTP request. This vulnerability appears to have been fixed in after commit 742b8ed. | |||||
| CVE-2018-8261 | 2018-08-17 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA due to an erroneous publication. Notes: none. | |||||
| CVE-2017-7186 | 1 Pcre | 2 Pcre, Pcre2 | 2018-08-17 | 5.0 MEDIUM | 7.5 HIGH |
| libpcre1 in PCRE 8.40 and libpcre2 in PCRE2 10.23 allow remote attackers to cause a denial of service (segmentation violation for read access, and application crash) by triggering an invalid Unicode property lookup. | |||||
| CVE-2017-7244 | 1 Pcre | 1 Pcre | 2018-08-17 | 4.3 MEDIUM | 5.5 MEDIUM |
| The _pcre32_xclass function in pcre_xclass.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (invalid memory read) via a crafted file. | |||||
| CVE-2017-7245 | 1 Pcre | 1 Pcre | 2018-08-17 | 6.8 MEDIUM | 7.8 HIGH |
| Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 4) or possibly have unspecified other impact via a crafted file. | |||||
| CVE-2017-7246 | 1 Pcre | 1 Pcre | 2018-08-17 | 6.8 MEDIUM | 7.8 HIGH |
| Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 268) or possibly have unspecified other impact via a crafted file. | |||||
| CVE-2017-16740 | 1 Rockwellautomation | 12 1766-l32awa, 1766-l32awa Firmware, 1766-l32awaa and 9 more | 2018-08-16 | 7.5 HIGH | 10.0 CRITICAL |
| A Buffer Overflow issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1400 Controllers, Series B and C Versions 21.002 and earlier. The stack-based buffer overflow vulnerability has been identified, which may allow remote code execution. | |||||
| CVE-2018-13182 | 1 Loncoin Project | 1 Loncoin | 2018-08-15 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for loncoin (LON), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13185 | 1 Appcoins Project | 1 Appcoins | 2018-08-15 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for appcoins (APPC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13186 | 1 Mmtcoin Project | 1 Mmtcoin | 2018-08-15 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for MMTCoin (MMT), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13188 | 1 Mybo Project | 1 Mybo | 2018-08-15 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for MyBO, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13189 | 1 Unolabo Project | 1 Unolabo | 2018-08-15 | 5.0 MEDIUM | 7.5 HIGH |
| The mint function of a smart contract implementation for Unolabo (UNLB), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13190 | 1 Dvchain Project | 1 Dvchain | 2018-08-15 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for DVChain, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13192 | 1 Jobscoin Project | 1 Jobscoin | 2018-08-15 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for Jobscoin (JOB), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13193 | 1 Hentaisolo Project | 1 Hentaisolo | 2018-08-15 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for hentaisolo (HAO), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2016-9140 | 2018-08-15 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | |||||
| CVE-2017-8046 | 1 Pivotal Software | 2 Spring Boot, Spring Data Rest | 2018-08-15 | 7.5 HIGH | 9.8 CRITICAL |
| Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 (Ingalls SR9), versions prior to 3.0.1 (Kay SR1) and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code. | |||||
| CVE-2018-12526 | 1 Telesquare | 4 Sdt-cs3b1, Sdt-cs3b1 Firmware, Sdt-cw3b1 and 1 more | 2018-08-14 | 10.0 HIGH | 9.8 CRITICAL |
| Telesquare SDT-CS3B1 and SDT-CW3B1 devices through 1.2.0 have a default factory account. Remote attackers can obtain access to the device via TELNET using a hardcoded account. | |||||
| CVE-2018-12454 | 1 1000guess | 1 1000 Guess | 2018-08-14 | 5.0 MEDIUM | 7.5 HIGH |
| The _addguess function of a simplelottery smart contract implementation for 1000 Guess, an Ethereum gambling game, generates a random value with publicly readable variables such as the current block information and a private variable (which can be read with a getStorageAt call). Therefore, it allows attackers to always win and get rewards. | |||||
| CVE-2018-12453 | 1 Redislabs | 1 Redis | 2018-08-14 | 5.0 MEDIUM | 7.5 HIGH |
| Type confusion in the xgroupCommand function in t_stream.c in redis-server in Redis before 5.0 allows remote attackers to cause denial-of-service via an XGROUP command in which the key is not a stream. | |||||
| CVE-2018-12323 | 1 Apollotechnologiesinc | 2 Momentum Axel 720p, Momentum Axel 720p Firmware | 2018-08-14 | 7.2 HIGH | 6.8 MEDIUM |
| An issue was discovered on Momentum Axel 720P 5.1.8 devices. A password of EHLGVG is hard-coded for the root and admin accounts, which makes it easier for physically proximate attackers to login at the console. | |||||
| CVE-2018-5718 | 1 Safensoft | 3 Softcontrol Enterprise Suite, Softcontrol Syswatch, Softcontrol Tpsecure | 2018-08-14 | 5.6 MEDIUM | 7.1 HIGH |
| Improper restriction of write operations within the bounds of a memory buffer in snscore.sys in SoftControl/SafenSoft SysWatch, SoftControl/SafenSoft TPSecure, SoftControl/SafenSoft Enterprise Suite before version 4.4.1 allows local users to cause a denial of service (BSOD) or modify kernel-mode memory via loading of a forged DLL into an user-mode process. | |||||
| CVE-2018-5153 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2018-08-14 | 5.0 MEDIUM | 7.5 HIGH |
| If websocket data is sent with mixed text and binary in a single message, the binary data can be corrupted. This can result in an out-of-bounds read with the read memory sent to the originating server in response. This vulnerability affects Firefox < 60. | |||||
| CVE-2018-5147 | 2 Debian, Mozilla | 3 Debian Linux, Firefox, Firefox Esr | 2018-08-14 | 7.5 HIGH | 9.8 CRITICAL |
| The libtremor library has the same flaw as CVE-2018-5146. This library is used by Firefox in place of libvorbis on Android and ARM platforms. This vulnerability affects Firefox ESR < 52.7.2 and Firefox < 59.0.1. | |||||
| CVE-2018-5136 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2018-08-14 | 5.0 MEDIUM | 7.5 HIGH |
| A shared worker created from a "data:" URL in one tab can be shared by another tab with a different origin, bypassing the same-origin policy. This vulnerability affects Firefox < 59. | |||||
| CVE-2018-12696 | 1 Mao10 | 1 Mao10cms | 2018-08-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| mao10cms 6 allows XSS via the article page. | |||||
| CVE-2018-12695 | 1 Mao10 | 1 Mao10cms | 2018-08-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| mao10cms 6 allows XSS via the m=bbs&a=index page. | |||||
| CVE-2018-10969 | 1 Genetechsolutions | 1 Pie Register | 2018-08-14 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in the Pie Register plugin before 3.0.10 for WordPress allows remote attackers to execute arbitrary SQL commands via the invitation codes grid. | |||||
| CVE-2018-11221 | 1 Artica | 1 Pandora Fms | 2018-08-14 | 7.5 HIGH | 9.8 CRITICAL |
| Unauthenticated untrusted file upload in Artica Pandora FMS through version 7.23 allows an attacker to upload an arbitrary plugin via include/ajax/update_manager.ajax in the update system. | |||||
| CVE-2018-11222 | 1 Artica | 1 Pandora Fms | 2018-08-14 | 5.0 MEDIUM | 7.5 HIGH |
| Local File Inclusion (LFI) in Artica Pandora FMS through version 7.23 allows an attacker to call any php file via the /pandora_console/ajax.php ajax endpoint. | |||||
| CVE-2018-10377 | 1 Portswigger | 1 Burp Suite | 2018-08-14 | 4.3 MEDIUM | 5.9 MEDIUM |
| PortSwigger Burp Suite before 1.7.34 has Improper Certificate Validation of the Collaborator server certificate, which might allow man-in-the-middle attackers to obtain interaction data. | |||||
| CVE-2018-10997 | 1 Etere | 1 Etereweb | 2018-08-14 | 10.0 HIGH | 9.8 CRITICAL |
| Etere EtereWeb before 28.1.20 has a pre-authentication blind SQL injection in the POST parameters txUserName and txPassword. | |||||
| CVE-2018-1153 | 1 Portswigger | 1 Burp Suite | 2018-08-14 | 5.8 MEDIUM | 7.4 HIGH |
| Burp Suite Community Edition 1.7.32 and 1.7.33 fail to validate the server certificate in a couple of HTTPS requests which allows a man in the middle to modify or view traffic. | |||||
| CVE-2015-4043 | 1 Connx | 1 Esp Hr Management | 2018-08-14 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in ConnX ESP HR Management 4.4.0 allows remote attackers to execute arbitrary SQL commands via the ctl00$cphMainContent$txtUserName parameter to frmLogin.aspx. | |||||
| CVE-2017-5395 | 2 Google, Mozilla | 2 Android, Firefox | 2018-08-14 | 4.3 MEDIUM | 4.3 MEDIUM |
| Malicious sites can display a spoofed location bar on a subsequently loaded page when the existing location bar on the new page is scrolled out of view if navigations between pages can be timed correctly. Note: This issue only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox < 51. | |||||
| CVE-2017-7760 | 2 Microsoft, Mozilla | 3 Windows, Firefox, Firefox Esr | 2018-08-14 | 4.6 MEDIUM | 7.8 HIGH |
| The Mozilla Windows updater modifies some files to be updated by reading the original file and applying changes to it. The location of the original file can be altered by a malicious user by passing a special path to the callback parameter through the Mozilla Maintenance Service, allowing the manipulation of files in the installation directory and privilege escalation by manipulating the Mozilla Maintenance Service, which has privileged access. Note: This attack requires local system access and only affects Windows. Other operating systems are not affected. This vulnerability affects Firefox ESR < 52.2 and Firefox < 54. | |||||
| CVE-2017-7763 | 3 Apple, Debian, Mozilla | 5 Mac Os X, Debian Linux, Firefox and 2 more | 2018-08-14 | 5.0 MEDIUM | 5.3 MEDIUM |
| Default fonts on OS X display some Tibetan characters as whitespace. When used in the addressbar as part of an IDN this can be used for domain name spoofing attacks. Note: This attack only affects OS X operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. | |||||